WO2006005812A2 - Mechanisms for executing a computer program - Google Patents
Mechanisms for executing a computer program
- Publication number
- WO2006005812A2 (PCT/FI2005/050279)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- application
- user
- software
- file
- application program
- Prior art date
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/604—Tools and structures for managing or administering access control systems
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2141—Access rights, e.g. capability lists, access control lists, access tables, access matrices
Definitions
- the invention relates to mechanisms, such as a method, an apparatus or a program product, for instance an operating system or an extension to an operating system, for executing a computer program.
- the term 'computer program' refers to a program executed in a data processing system, which, in addition to a general-purpose computer, may be an embedded system, such as those found in mobile stations and electronic devices having updateable software.
- One of the major problems in information technology is associated with programs that are harmful to data systems and networks, examples thereof including viruses, worms and Trojan horses. They intrude into a data system and cause various kinds of damage to the data system itself and/or to other data systems connected to it.
- programs or program fragments causing or being able to cause damage are generally referred to as malicious programs.
- the principal means for preventing malicious programs has been to identify malicious programs by means of protective mechanisms.
- Such preventive mechanisms include firewalls and virus scans, for example. Once a new malicious program, for instance a new virus, is identified, a representative sample (bit string) is taken thereof, and added to the database of the provider of the protective mechanisms, from where the users are able to update their preventive mechanisms.
- this technology is not watertight, for several reasons of which persons skilled in the art are well aware. A specific problem is, for instance, that malicious programs are able to hide inside a seemingly benign program and are activated only after a long period of time.
- the object of the invention is thus to provide a protective mechanism in a manner allowing the above problems to be solved.
- the object of the invention is achieved with a method, data processing system and software (operating system or an extension to it), which are characterized in what is stated in the independent claims. Preferred embodiments are described in the dependent claims.
- the invention is based on the idea that the present program protection, which is based on the administration of privileges assigned to users, is insufficient. In the present context, a part of a computer or an operating system that administers users' privileges is called a first privilege administrator or user privilege administrator.
- the computer or the operating system also includes a second administrator, i.e. an application privilege administrator, arranged to react to a situation in which an application transmits a request over the application programming interface (API) requesting a predetermined system service from the operating system.
- the set of system services to whose requests the application privilege administrator reacts is as wide as possible.
- the computer or operating system presents a dialogue to the user of the computer, requesting acceptance of the fact that a given application requests a given system service.
- a normal user has the right to use the applications and files to which the system administrator has granted access rights.
- the use of the Internet may be allowed with restrictions or entirely prohibited.
- a system administrator is a user having the right to define the privileges associated with a given computer, a part thereof or a group of computers, privileges in a data network and/or a system.
- the system administrator also obtains a message about prohibited functions.
- the tasks of a system administrator include the addition and deletion of users inside a group, and setting the privileges of directories and files belonging to the group (which may require acceptance from other administrators).
- a system administrator is able to install and update essential software associated with the system, which may include monitoring the system kernel and system connections.
- a non-technical assignor of file restrictions is a special system administrator capable of determining the publicity of the files and the transfer privileges inside the network and the publicity of the files to the outside.
- Application-specific privileges to different files can be determined in the data system according to the invention. By default, a minimum set of privileges can be applied, the applications having no other access to files than the read access of an application to the file from which it was started. Other privileges have to be separately added to the application.
- the right of applications to use peripherals or a telecommunication connection can also be restricted or entirely prohibited. The restrictions may cover the entire peripheral or type of telecommunication connection (e.g. all use of the Internet) or only one specific manner of use (a certain protocol, port and/or direction on the Internet). Privileges can also be determined for the functions allowed to said program while the other functions are prohibited.
- a Telnet session by the Telnet program may be allowed while the others are prohibited.
- the destination may also be restricted, whereby a connection in an internal network is free but there is no access to an external network.
- the user may exceptionally grant (such as in connection with file processing) a one-time access right to an application, also for resources other than files.
- the file access rights should preferably be as restricted as possible in order to prevent background file transfer without the user's permission.
- Installing new software into a computer can take place either from a transferable storage media or by loading the software over a network (from the provider's Internet pages or some other location distributing software).
- the execution of the prohibited function would be prevented and a message would be transmitted to the system administrator.
- the system may always store information about the state of the program for later analysis.
- the prohibition of certain functions prevents a malicious program (e.g. a spying program) from transmitting further any data it collected, from spreading within the network and from causing the system any other damage.
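The per-application check described in the preceding items, as an added example that is not part of the patent: a Python simulation (all class names, the `user_rights` set standing in for the user privilege administrator, the dialogue callback, and the sample applications and paths are constructed for illustration) in which every request is judged against the application's own privileges, a request outside them is put to the user only when the user privilege administrator says the user may grant it, and a prohibited function is prevented and reported to the system administrator. The network rules carry protocol, port, direction and internal/external scope, matching the restrictions listed above.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Set


@dataclass(frozen=True)
class NetworkRule:
    """One allowed kind of network use: protocol/port, direction and destination scope."""
    protocol: str
    port: int
    outbound: bool = True        # most programs are limited to outward communication
    internal_only: bool = False  # free within the internal network, no access outside it


@dataclass
class AppPrivileges:
    """Privileges stored per application identifier, not per user."""
    readable: Set[str] = field(default_factory=set)
    writable: Set[str] = field(default_factory=set)
    network: List[NetworkRule] = field(default_factory=list)


@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str


class ApplicationPrivilegeAdministrator:
    """Second check on every system request: may *this application* do it?"""

    def __init__(self, user_rights: Set[str], ask_user: Callable[[str], bool],
                 notify_admin: Callable[[str], None]) -> None:
        self.db: Dict[str, AppPrivileges] = {}   # the privilege database
        self.user_rights = user_rights           # what the user privilege administrator grants
        self.ask_user = ask_user                 # the confirmation dialogue
        self.notify_admin = notify_admin         # message about prohibited functions

    def install(self, app_id: str, start_file: str) -> AppPrivileges:
        """Default minimum set: read access only to the file the app was started from."""
        self.db[app_id] = AppPrivileges(readable={start_file})
        return self.db[app_id]

    def request_file(self, app_id: str, path: str, write: bool = False) -> Decision:
        priv = self.db.setdefault(app_id, AppPrivileges())
        if path in priv.writable or (not write and path in priv.readable):
            return Decision(True, "within the application's privileges")
        op = "write" if write else "read"
        return self._escalate(app_id, f"{op} {path}", user_right=f"{op}:{path}",
                              grant=lambda: (priv.writable if write else priv.readable).add(path))

    def request_network(self, app_id: str, protocol: str, port: int,
                        outbound: bool, external: bool) -> Decision:
        priv = self.db.setdefault(app_id, AppPrivileges())
        for rule in priv.network:
            if (rule.protocol, rule.port, rule.outbound) != (protocol, port, outbound):
                continue
            if external and rule.internal_only:
                continue   # free inside the internal network, not outside it
            return Decision(True, f"{protocol}/{port} allowed by a network rule")
        direction = "outbound" if outbound else "inbound"
        scope = "external" if external else "internal"
        return self._escalate(app_id, f"use {protocol}/{port} {direction} {scope}",
                              user_right="network",
                              grant=lambda: priv.network.append(
                                  NetworkRule(protocol, port, outbound, not external)))

    def _escalate(self, app_id: str, function: str, user_right: str,
                  grant: Callable[[], None]) -> Decision:
        """Request outside the app's privileges: ask the user if the user may grant it;
        otherwise prevent the function and report it to the system administrator."""
        if user_right not in self.user_rights:
            self.notify_admin(f"{app_id} attempted a prohibited function: {function}")
            return Decision(False, "prohibited; system administrator notified")
        if self.ask_user(f"Allow {app_id} to {function}?"):
            grant()   # the one-time grant is recorded in the privilege database
            return Decision(True, "granted by the user")
        return Decision(False, "denied by the user")


def demo() -> Dict[str, object]:
    """Constructed scenario: a text editor and a spying program on one computer."""
    answers = {"Allow editor to write /home/u/report.txt?": True}  # the user's dialogue replies
    admin_messages: List[str] = []
    apa = ApplicationPrivilegeAdministrator(
        user_rights={"read:/home/u/report.txt", "write:/home/u/report.txt", "network"},
        ask_user=lambda question: answers.get(question, False),
        notify_admin=admin_messages.append)
    apa.install("editor", "/opt/editor/editor.bin")
    apa.install("spy", "/tmp/spy.bin")
    # the network administrator allows the editor HTTP, outward and inside the internal network only
    apa.db["editor"].network.append(NetworkRule("http", 80, outbound=True, internal_only=True))
    return {
        "editor_reads_own_binary": apa.request_file("editor", "/opt/editor/editor.bin").allowed,
        "editor_writes_report": apa.request_file("editor", "/home/u/report.txt", write=True).allowed,
        "editor_internal_http": apa.request_network("editor", "http", 80, True, False).allowed,
        "editor_external_http": apa.request_network("editor", "http", 80, True, True).allowed,
        "spy_reads_passwd": apa.request_file("spy", "/etc/passwd").allowed,
        "spy_acts_as_server": apa.request_network("spy", "http", 8080, False, True).allowed,
        "admin_notified": len(admin_messages),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The editor's write to the report succeeds only because the user holds that right and answers the dialogue; the spying program's read of a file the user may not grant is stopped without any dialogue and reported, and its attempt to act as a server is put to the user and refused.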
- the first program to be started is either an installation program that creates an operating environment for the actual program or, at its simplest, only an application in the form of one file.
- An installation program typically decompresses the software components (files) and creates a home directory for the application.
- the installation program transmits a system request to the operating system specifying the properties of the home directory requested by the installation program.
- the system checks if the user has the right to create the directory. If so, the system opens a query window for the user requesting acceptance of the creation of the home directory in a certain place in the directory system and of its future privileges. The location of the home directory may also be set to differ from the proposal.
- the system creates the directory to which the installation program, or if the application directly creates the home directory, the application itself, has access right in a manner accepted by the user.
- the installation program/application initializes the home directory and creates the necessary files. Any other telecommunication manners required by the program can also be initialized at this stage, for example allowing the program to use the Internet to some predetermined addresses, or freely by using given protocols.
- an operating environment is created for the application wherein it can operate, i.e. it has accurately specified privileges within the scope of the system, including the right to use previously specified files, for example.
- Run-time files and protocols for modifying their privileges and names that are allowed when a task/file is opened in the application may also be specified for an application.
- the easiest way to determine such an operation is by the installation program, the installer of the application accepting the use of different types of files, e.g. temporary and background/backup files (name.tmp, name.bak, wherein 'name' is the name of the original file without an extension).
- the specifications can be changed later, and the system maintains information about the privileges in a database, where the user may study and change the privileges allowed.
- an initialized application has no access right to other system files than those that were separately assigned to the application in connection with the installation. In normal operating situations, the use of the files specified in the installation is sufficient, and other privileges may impair system security.
- When the user starts an application and wishes to use the application for processing a file, the application usually has no access right to said file.
- the user may temporarily grant the application a right to use a file, provided the user has a right to the file. Granting of the use right takes place by the application specifying, to the operating system, the properties that the files to be opened should have (at least read/write access, file type or types the user can select from). Once the properties of the file are specified, the application executes a system call including the specification of the file properties as parameter. The operating system creates a selection window onto the display, and the user is able to select one or more files from the window. Once the user has selected the file(s) and accepted the privileges the application will have to be able to use the file(s), the operating system opens the file(s) and returns the handle to the opened file(s).
- the application is now able to use the file(s) by the access rights and restrictions accepted by the user. Since a corresponding manner of selection is in use in present graphic operating systems, the system of the invention operates transparently as regards the user. From the point of view of the user, only the temporary transfer of access right, invisible to the user, is new to the application.
- the selection window only shows the files from which the user is able to select on the conditions set by the application. For example, if write access is specified as a requirement, the files to which the user has only read access are not shown. The user may select different conditions as the basis of the selection, of which the application is also informed. Such a situation may arise when the user wishes to use a text processing program to look at a file to which the user only has read access. A text processing program operated in the usual manner tends to open all files with write access, too (initially only the files to which the user has write access are shown in the selection window).
- the text processing program now operates in read-only mode and makes a remark if attempts are made to make amendments.
- if the application is designed for present operating environments, where a separate selection-window call returns the name of a file and a subsequent call opens it, compatibility can be achieved by the system allowing the file with that name to be opened later on the same (or more restricted) conditions as in the selection window accepted by the user.
- the selection window displayed is identical.
- this situation can often be allowed without confirmation from the user. This is the case particularly when start-up takes place on a command line, where the files are also specified. However, if the application deletes or empties a previous file, this cannot be accepted without confirmation from the user, unless the application has access right to the file (for instance a situation wherein the same application created the file previously).
- the application is unable to directly change the user's file access rights; the change always takes place by means of a system call, and the system requests permission for the change from the user. If the user has no right to the change, the request to change returns to the application as an error situation.
- if the file is specified as generally readable, then reading thereof is possible without separate opening measures or keys. For these files, a mere opening request using a name and/or search path is sufficient.
- such files exist, for example, on servers containing public material and connected to the Internet. However, changing these files, too, is subject to the user having the normal access right to change, whereby opening with write access takes place in the same way as for any other file. Alternatively, consent to the writing may be requested in connection with the storing.
- the owner of a file may also be an application in which case the users' read/write access is limited or entirely prohibited.
- for example, files belonging to the database of a database program, which are usable only by using the database program.
- An application may have the same access right to files, as do the users.
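The selection-window procedure described in the preceding items (the application states the required access and file types, the system shows only files the user's own rights satisfy, the user may relax the condition to read-only, the returned handle carries the accepted rights, a later open by name succeeds only on the same or more restricted conditions, and a generally readable file opens by name with no selection at all), as an added Python example that is not the patent's code; the class names, the `_blocked` helper and the file table are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Set


@dataclass(frozen=True)
class FileEntry:
    path: str
    user_can_write: bool   # the user's own right, from the user privilege administrator
    public: bool = False   # generally readable: may be opened by name without selection


@dataclass(frozen=True)
class SelectionSpec:
    """What the application asks for: minimum access and the file types offered."""
    mode: str              # "r" or "rw"
    extensions: Set[str]


class Handle:
    """Handle returned by the system; it carries only the rights the user accepted."""
    def __init__(self, path: str, mode: str) -> None:
        self.path, self.mode = path, mode

    def write(self, data: str) -> int:
        if self.mode != "rw":
            raise PermissionError(f"{self.path} was opened read-only; change rejected")
        return len(data)


class FileSelectionService:
    def __init__(self, files: List[FileEntry]) -> None:
        self.files = {f.path: f for f in files}
        # per application: path -> mode the user accepted (enables a later reopen by name)
        self.accepted: Dict[str, Dict[str, str]] = {}

    def candidates(self, spec: SelectionSpec) -> List[str]:
        """Files shown in the selection window: the app's conditions and the user's
        rights both apply, so when write access is required read-only files are hidden."""
        return sorted(p for p, f in self.files.items()
                      if p.rsplit(".", 1)[-1] in spec.extensions
                      and (spec.mode == "r" or f.user_can_write))

    def select(self, app_id: str, spec: SelectionSpec, chosen: str,
               user_mode: Optional[str] = None) -> Handle:
        """The user picks a file, possibly relaxing the app's condition (e.g. to read-only);
        the system opens it and returns a handle with the accepted rights."""
        mode = user_mode or spec.mode
        if chosen not in self.candidates(SelectionSpec(mode, spec.extensions)):
            raise PermissionError(f"{chosen} cannot be opened with mode {mode}")
        self.accepted.setdefault(app_id, {})[chosen] = mode
        return Handle(chosen, mode)

    def reopen_by_name(self, app_id: str, path: str, mode: str) -> Handle:
        """Plain open-by-name succeeds only for public files (read) or for a file the
        user accepted earlier for this app, with the same or a more restricted mode."""
        entry = self.files.get(path)
        if entry is None:
            raise FileNotFoundError(path)
        if mode == "r" and entry.public:
            return Handle(path, "r")
        granted = self.accepted.get(app_id, {}).get(path)
        if granted is None or (mode == "rw" and granted != "rw"):
            raise PermissionError(f"{path}: no user-accepted right for mode {mode}")
        return Handle(path, mode)


def _blocked(action: Callable[[], object]) -> bool:
    """True if the system rejected the action with PermissionError."""
    try:
        action()
        return False
    except PermissionError:
        return True


def demo() -> Dict[str, object]:
    """Constructed file table: a writable, a read-only and a public text file, plus an image."""
    svc = FileSelectionService([
        FileEntry("notes.txt", user_can_write=True),
        FileEntry("policy.txt", user_can_write=False),
        FileEntry("readme.txt", user_can_write=False, public=True),
        FileEntry("photo.png", user_can_write=True),
    ])
    want_rw = SelectionSpec("rw", {"txt"})   # a text processor asks for write access
    # the user relaxes the condition to read-only and picks a file hidden under the rw condition
    handle = svc.select("editor", want_rw, "policy.txt", user_mode="r")
    return {
        "shown_for_rw": svc.candidates(want_rw),
        "shown_for_r": svc.candidates(SelectionSpec("r", {"txt"})),
        "opened_mode": handle.mode,
        "write_blocked": _blocked(lambda: handle.write("edit")),
        "reopen_r": svc.reopen_by_name("editor", "policy.txt", "r").mode,
        "reopen_rw_blocked": _blocked(lambda: svc.reopen_by_name("editor", "policy.txt", "rw")),
        "unselected_blocked": _blocked(lambda: svc.reopen_by_name("editor", "notes.txt", "r")),
        "public_by_name": svc.reopen_by_name("other_app", "readme.txt", "r").mode,
        "select_outside_rights_blocked": _blocked(lambda: svc.select("editor", want_rw, "policy.txt")),
    }
```

Note that the application never learns which files exist beyond those the window offers it, and that a file the user did not select (here `notes.txt`) stays closed to the application even though the user could have granted it.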
- File-specific usage limitations may be employed to delimit the distribution of files and other functions. An example of a restriction associated with usage is a mark in a log file about the opening of a file.
- Usage restrictions may also be time-bound, for instance a newssheet may be secret at first, but free for distribution after the time of publication.
- An application may have several projects registered to the system, which can be easily opened without each file being separately verified.
- One project may comprise a plurality of files.
- An example of a project is an integrated program development environment having dozens of source code files and in addition several library files. The project may have only read access to the library. In such a situation, the different applications may also have access right to the same file, whereby an application does not require separate permission from the user for processing the file. Access rights are specified in the system when files are added to the project.
- the rights of the applications are defined when the software is being installed; for example, an application may be defined as software operating according to the project principle.
- the computer and operating system of the invention maintain historical data.
- When a user opens an application that he used previously and then closes it in such a manner that the files used by the application remain open, the application is able to store the current status in a history file indicating to the system that the opened files will open automatically when the same user starts the same application the next time.
- This function is usable in situations wherein the application returns to the state wherein it was before being closed.
- a text processing program may open a file and return to the same place where the cursor was when the user last finished working. This being so, the user is able to continue his interrupted work without separate opening of the files.
- Another example is the ability to reopen files that were last open from a menu. History data about files may be maintained for a longer period if useful in view of the usability of the application. Yet further, such history data may be used to improve usability such that the next time a user uses an application to access mass memory, the resulting dialog window begins in the directory last used by that application.
- the application itself may not be allowed to see the directory structure of the mass memory.
- the user may have stored an attachment file received via e-mail.
- the user opens a second file into which the attachment file is to be inserted. Because the attachment file was saved in a different directory from the one which relates to the present work, it is a time-saving feature to be able to quickly access the directory in which the e-mail attachment was saved.
- the system can offer a few directories used by the user and/or application for quick access.
- the list of directories for quick access is preferably user-modifiable.
- All confirmation queries and logins preferably take place via the system, and no information thereon is transferred to applications other than whether the function requested is accepted or rejected. Except for system tools (i.e. an application whose privileges allow operation as a system tool), the applications are not able to make changes to system-level settings, even if they possessed user ids and passwords or the corresponding data allowing a registered user to make changes. This ensures that information obtained via a spying program or in another manner cannot be used to break into the system or change the privileges or settings of applications and/or users.
- Some applications may have broader rights to make changes in the system than a user does, whereby the user's rights are a limit to allowed changes, i.e. the user is able to assign privileges to an application within the limits of his own privileges.
- Examples of applications that may have broader rights to changes than users include system management tools for specifying the privileges of applications and users.
- if an application has no right to use a network, or the right is restricted only to certain addresses (e.g. business partners) and/or protocols, it is preferable in this case, too, to request confirmation from the user before setting up the connection.
- a network administrator may allow broader rights to certain reliable programs to use the Internet. Examples of such programs are various programs used in telecommunication (www browsers, Telnet, FTP, etc.). In these cases, the protocols are limited and only outward communication is allowed, i.e. the system does not act as a server without the user's knowledge, for example.
- file access right should not be granted to such programs without the user's selection, allowing a background transfer without the user's knowledge to be prevented.
- Usage restrictions may be specified for files, preventing them from being transmitted via the Internet. For example, if a usage restriction is associated with a file, preventing it from being transmitted to the Internet, such a file is not transmitted to the Internet.
- if a server application is installed in a network, its network privileges are determined in a manner allowing the server application to reply only to external queries, and all files to be used are readable only by using the server application. Other files may be invisible.
- the files are usable as usual (depending on the user).
- a protocol should be used that includes a check of the transmitter's authenticity. This may take place, for instance, by inquiring of the server from which the message seems to have arrived (based on the transmitter's name-based address, not the numerical IP address) whether it transmitted the message. If not, the transmitter's address is likely to be forged, and the message can be rejected.
- encryption, a digital signature and confirmations can still be used to increase the certainty of the authenticity of the message (legally demonstrable as valid).
- a user of a remote computer can exercise privileges of a local computer via a channel secured by encryption.
- File processing and other system commands have to be transmitted to the system by using encrypted key codes.
- These highly encrypted code keys ensure that malicious programs operating in the other computers of the network cannot change the specifications, files or file specifications of a protected computer.
- similar restrictions associated with the usage are associated with network usage.
- the restrictions of the usage of the internal network of an organization are usually associated with file usage restrictions, but restrictions external to the organization may be associated with restrictions concerning file distribution.
- Figure 1 shows the architecture of a data system according to the invention
- Figure 2 shows the installation of an application program
- Figure 3 shows a signalling process in connection with the execution of an application program
- Figure 4 shows a user interface when an application program usage administrator requests that a user update the privileges of the application program
- Figure 5 shows a dialogue window when an application privilege administrator requests permission for executing a function from the user of a computer.
- FIG. 1 shows the architecture of a data system according to the invention.
- a typical example of a data system is a general-purpose computer, but the data system of the invention may also be applied to other data processing systems, such as mobile stations and embedded systems.
- the data system comprises equipment 160 and an operating system 110.
- the equipment 160 comprises the following blocks: chipset (including main memory) control 162, keyboard 163, mass memory/memories 164, local area network 165, security-critical input/output devices 166, display 167 and non-security-critical input/output devices 168.
- a user uses applications generally denoted by reference numeral 102.
- the applications 102 do not use the equipment 160 directly, but via an application programming interface (API) 112, as is evident to those skilled in the art.
- an application does not have to know to which device port or address a disk drive is connected or which of its sectors contains free space.
- the application 102 transmits service requests, i.e. system calls, via the application programming interface 112 to the operating system 110.
- if a service request relates to a disk drive, the operating system 110 processes it, taking into consideration the file system and file parameters 122 of said disk drive, and transmits the request to a mass memory 154 via a protected equipment interface 150 of an allocation logic 126 of the mass memory.
- telecommunication takes place via telecommunication logic 132 to telecommunication equipment, which in the example of Figure 1 is represented by a local area network 165, via which for instance the Internet traffic is assumed to take place. All elements of Figure 1 described so far may be of conventional technology.
- the first, i.e. the user privilege administrator 114, uses a privilege database 124, in which is stored information about the rights each user or user group has to the different parts of the system.
- the user privilege administrator 114 may be disabled or totally lacking, whereby each user is automatically a super user.
- the data system according to the invention, particularly the operating system 110, therefore contains a second privilege administrator 116 administering the privileges of each application 102.
- the application privilege administrator 116 is arranged to administer the privileges of each application 102 on the basis of the identifier of said application, i.e. not on the basis of the user's identifier. Its operation may be largely analogous to the operation of the first, i.e. the user privilege administrator 114. An essential difference is in that when the user privilege administrator 114 checks if said user has the right to the requested operation, then the application privilege administrator 116 checks if said application has the right to the requested operation.
- Since the application privilege administrator 116 is part of the operating system 110, a malicious program cannot bypass it in order to request system services from the equipment 160. Only a very small number of system services may be requested from the equipment 160 via the application programming interface 112 other than via the application privilege administrator 116. Examples of such services are the use of a restricted display 167 and the non-security-critical input/output devices 168.
- the application privilege administrator 116 applies a set of default-value privileges to the application.
- the set of default-value privileges may be fixedly coded in the application privilege administrator 116 or it may be maintained in the privilege database 124.
- the set of default-value privileges typically contains the right to limited use of the display 167 (but not the right to change display settings, for example).
- for other services, the application privilege administrator 116 asks the user of the computer for permission. An exemplary dialogue window for this purpose is shown in Figure 5. Asking the user for permission is also a function of the operating system 110, not of the application 102.
- the application privilege administrator 116 is part of the operating system 110, or an extension of the operating system located between the application programs and any of the security-critical functions of the operating system.
- the operating system usually operates in a processor operating state wherein different processes are isolated from each other, i.e. protected from errors of other processes. Protection of the kernel of the operating system is typically secured by internal checking mechanisms, which, particularly in connection with updates, check the authenticity of new loadable parts, since a kernel error or a spying or other malicious program endangers the security of the entire system.
- the system preferably operates in such a manner that file commands in connection with the reading of other than public files require the use of key codes.
- the key codes are highly encrypted packets enabling the transmission of system information between computers. The transfer of confidential files to the outside of the internal network (to the Internet) requires that the files be encrypted.
- Ask permission for the function, provided the user has the right to give permission.
- file processing to which the user has the right.
- the user/application may open the file first in read-only state, after which the user, however, wishes to change the file.
- the application is closed and a message is transmitted to the system administrator.
- a computer connected to the system can be monitored as remote monitoring, whereby setting and monitoring commands are transmitted in encrypted form to the computer via a local area network or an Internet connection. The computer also transmits a message about prohibited functions via the network to the administrator.
- FIG 2 shows the installation of an application program.
- An installation program 21, which from the point of view of the system is an example of the application 102 shown in Figure 1, executes the phases on the left side of the vertical line, which are generally denoted by reference numeral 20.
- a data system provided with the function of the invention, mainly the operating system 110 of a computer and the equipment 160, executes the steps on the right side of the vertical line. These steps are commonly called installation logic and denoted by reference numeral 21.
- the installation program is activated; it performs internal tests and collects information about its environment. The system replies to inquiries about the environment, provided the information requested is public.
- In step 2-6, the installation program has performed its internal initialization, after which the creation of the home directory is started.
- In step 2-8, the system makes a proposal for the home directory according to parameters specified by the application.
- In step 2-10, the system checks whether the user has the right to create the home directory on the conditions specified by the application. If not, return occurs with an error code.
- In step 2-12, the system requests permission from the user for creating the home directory and checks whether the user gave the permission.
- In step 2-14, if the user gave the permission, the system creates the home directory.
- In step 2-16, the installation program checks whether the home directory was created. If not, the installation is aborted. The installation application now has access right to the files to be created and may change their rights.
- In step 2-18, the installation program copies and unpacks the application parts into the home directory.
- In step 2-20, the system writes and sets the file privileges according to the information given by the installation program.
- the assumption in this example is that the installation program creates not only an application-specific home directory but also a user-specific directory, which is created and initialized in step 2-22.
- In step 2-24, the system requests permission for creating a default directory for one or more users.
- In step 2-26, the installation program specifies the processing of the default names and the allowed changes of the files.
- In step 2-28, the system requests permission and, having obtained it, creates information in the database about the name protocol of the application.
- In step 2-30, the other system rights are granted to the application, for example a network connection to a provider.
- In step 2-32, if the user has the right to set network rights, permission is requested from the user. If not, return takes place with an error code.
- the right can be set as one-time (registration) or continuous (update). The update cannot take place in the background; instead, permission is always requested from the user before connection establishment.
- In step 2-34, the application is installed and the installation program is left with access to the home directory and to other permanent rights. System administrators are able to change the privileges of an application.
- Figure 3 shows a signalling process in connection with the execution of an application program. As Figure 2, Figure 3 is divided by a vertical line into steps performed by an application 30, which is an example of the application 102 of Figure 1, and the system 110/160 of the invention. The steps performed by the system 110/160 are generally called application execution logic and designated by reference numeral 31.
- step 3-2 the application is started, and it performs internal tests and an initialization for execution.
- step 3-4 the system replies to inquiries about the environment, provided the information requested is public to said application.
- step 3-6 the application has performed the internal initialization.
- step 3-8 the user selects the opening of a work (e.g. a file) from a menu.
- step 3-10 the application initializes the selection data of the work file to be opened.
- step 3-12 a selection window is opened for the user; the window showing the files the user has access rights determined by the application.
- step 3-14 the user selects a file or changes the file display conditions (e.g. the directory), whereby the selection window is updated.
- step 3-16 the user has selected a file, which is opened by the access rights belonging to the user and the application.
- step 3-18 the application may use the selected file in the manner chosen by the user. Should the user wish to open more files, the process re-enters step 3-10.
- step 3-20 files according to the modification rights of the files of the application are created.
- step 3-22 the system opens, deletes and modifies the files within the limits of the modification rights belonging to the user and the application.
- step 3-24 the application uses the files to control the user.
- step 3-26 the system reads and writes files.
- step 3-28 the processing ends, and the application requests that the system store the changes in the files and close the files. The system implements the requested actions in step 3-30.
- step 3-32 the application requests that the system rename the files and delete temporary files.
- step 3-34 the system implements the requested actions.
- step 3-36 the application has no open tasks (files), and it is ready to start a new task or end the application.
- step 3-38 the system has closed the files; reopening takes place on the basis of a query to the user.
- Figure 4 shows an example of the data structures employed by an application privilege administrator.
- the application privilege administrator 114 uses the privilege database 124.
- Reference numeral 47 denotes an exemplary user group list comprising three user groups UG1 to UG3.
- User group UG2 contains three applications APL1 to APL3, etc.
- Reference numeral 48 denotes an exemplary file structure, on the basis of which the rights of each user and application to each file are determined.
- the aforementioned project principle, wherein one project comprises a plurality of logically interconnected files, can be implemented by marking the project as the owner of a file group and by assigning the project the right to the files of that file group.
- Reference numeral 49 denotes an exemplary file structure indicating the access rights of different applications to the parts of the equipment.
- the data structure 49 is interpreted such that application TELNET is able to set up a connection with the TCP/IP protocol of a LAN device by using a telnet port.
- application TEL_SRV may act as a receiver (server) with the TCP/IP protocol of the LAN device by using the telnet port.
- Application WWW_SRV may act as a receiver (server) with the TCP/IP protocol of the LAN device by using http and https ports. Furthermore, the application may use a printer (PRN).
- Figure 5 shows a dialogue window 50 when the application privilege administrator requests permission from the user of the computer to perform an operation. The assumption in this example is that application 'abc' requests permission to transmit file 'def' by email to address 'ghi'. It is preferable for the dialogue window 50 to display the name of the application to the user and to identify the operation required by the application. If the dialogue window 50 did not show the identifier of the file and the destination address of the email, for example, a spying program could react to the user transmitting a file by email to one destination address (e.g.
- the spying program, which is located in a graphical image viewing program, for example
- If the dialogue window shows that an application, which usually is not assumed to transmit files by email, wishes to transmit a file to a client at an unknown destination, the user is likely to react to such a situation.
- Such a function may also be directly prohibited, allowing the application to be closed immediately.
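- The data structures of Figure 4, the rule of steps 3-12 to 3-22 that a file is shown, opened and modified only within the rights belonging to both the user and the application, and the dialogue of Figure 5 can be sketched as a small model. The following Python is an added illustration, not code from the patent or from any implementation of it; the rights letters ('r', 'w', 'd'), the user names, the file path, the 'client'/'server'/'use' roles and the tuple layout of the device rights are assumptions chosen for the example.

```python
"""Toy model of privilege database 124 (Figure 4), the file-opening rule of
steps 3-12 to 3-22 (Figure 3) and the permission dialogue of Figure 5.
Added illustration only; all sample values below are constructed."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple

FileRights = Set[str]   # hypothetical vocabulary: 'r' read, 'w' write, 'd' delete/rename
DeviceRight = Tuple[str, Optional[str], Optional[str], str]  # (device, protocol, port, role)


@dataclass
class PrivilegeDatabase:
    """Stands in for privilege database 124 used by privilege administrator 114."""
    # List 47: user group -> applications its members may run.
    user_groups: Dict[str, Set[str]] = field(default_factory=dict)
    user_group_of: Dict[str, str] = field(default_factory=dict)
    # Structure 48: rights of each user and of each application to each file.
    user_file_rights: Dict[Tuple[str, str], FileRights] = field(default_factory=dict)
    app_file_rights: Dict[Tuple[str, str], FileRights] = field(default_factory=dict)
    # Structure 49: access rights of each application to parts of the equipment.
    device_rights: Dict[str, Set[DeviceRight]] = field(default_factory=dict)

    def may_run(self, user: str, app: str) -> bool:
        group = self.user_group_of.get(user)
        return group is not None and app in self.user_groups.get(group, set())

    def effective_file_rights(self, user: str, app: str, path: str) -> FileRights:
        """Steps 3-16 and 3-22: a file is opened and modified only within the
        rights belonging to BOTH the user and the application, i.e. the
        intersection of the two entries in structure 48."""
        if not self.may_run(user, app):
            return set()
        return (self.user_file_rights.get((path, user), set())
                & self.app_file_rights.get((path, app), set()))

    def file_access(self, user: str, app: str, path: str, op: str) -> bool:
        return op in self.effective_file_rights(user, app, path)

    def visible_files(self, user: str, app: str, candidates: List[str]) -> List[str]:
        """Step 3-12: the selection window lists only files the pair may read."""
        return [p for p in candidates if "r" in self.effective_file_rights(user, app, p)]

    def device_access(self, app: str, device: str, protocol: Optional[str] = None,
                      port: Optional[str] = None, role: str = "client") -> bool:
        """Structure 49 lookup, e.g. may TELNET open a client connection on the
        telnet port over TCP/IP of the LAN device?"""
        return (device, protocol, port, role) in self.device_rights.get(app, set())


def permission_prompt(app: str, operation: str, file_id: str, destination: str) -> str:
    """Figure 5: the dialogue names the application, the operation, the file
    and the destination.  A prompt with any of these missing could be mistaken
    by the user for a request of some other program, so it is refused
    rather than shown."""
    for name, value in (("application", app), ("operation", operation),
                        ("file", file_id), ("destination", destination)):
        if not value:
            raise ValueError(f"permission dialogue must show the {name}")
    return (f"Application '{app}' requests permission to {operation} "
            f"file '{file_id}' to address '{destination}'. Allow?")


def sample_database() -> PrivilegeDatabase:
    """Constructed sample data following the names used in Figure 4."""
    db = PrivilegeDatabase()
    db.user_groups = {"UG1": {"APL1"}, "UG2": {"APL1", "APL2", "APL3"}, "UG3": {"APL3"}}
    db.user_group_of = {"alice": "UG2", "bob": "UG1"}        # constructed users
    report = "/home/alice/report.txt"                         # constructed path
    db.user_file_rights[(report, "alice")] = {"r", "w", "d"}
    db.app_file_rights[(report, "APL1")] = {"r", "w"}         # e.g. an editor: no delete
    db.app_file_rights[(report, "APL2")] = {"r"}              # e.g. a viewer: read only
    db.device_rights = {
        "TELNET": {("LAN", "tcp/ip", "telnet", "client")},
        "TEL_SRV": {("LAN", "tcp/ip", "telnet", "server")},
        "WWW_SRV": {("LAN", "tcp/ip", "http", "server"),
                    ("LAN", "tcp/ip", "https", "server"),
                    ("PRN", None, None, "use")},
    }
    return db


if __name__ == "__main__":
    db = sample_database()
    f = "/home/alice/report.txt"
    print(db.visible_files("alice", "APL2", [f]))                          # ['/home/alice/report.txt']
    print(db.file_access("alice", "APL1", f, "d"))                         # False: APL1 may not delete
    print(db.device_access("WWW_SRV", "LAN", "tcp/ip", "https", "server"))  # True
    print(permission_prompt("abc", "transmit by email", "def", "ghi"))
```

The point of `effective_file_rights` is that neither party alone decides: a user with full rights still cannot delete through an application whose entry in structure 48 lacks that right, and an application with broad rights gains nothing for a user who has none. `permission_prompt` encodes the Figure 5 caveat as a hard requirement instead of a preference.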
Priority Applications (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CA002606029A CA2606029A1 (en) | 2004-07-12 | 2005-07-11 | Mechanisms for executing a computer program |
US11/632,294 US20080086738A1 (en) | 2004-07-12 | 2005-07-11 | Mechanisms For Executing A Computer Program |
EP05770040A EP1782323A4 (en) | 2004-07-12 | 2005-07-11 | Mechanisms for executing a computer program |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
FI20045271A FI20045271A (en) | 2004-07-12 | 2004-07-12 | Mechanisms for executing a computer program |
FI20045271 | 2004-07-12 |
Publications (2)
Publication Number | Publication Date |
---|---|
WO2006005812A2 true WO2006005812A2 (en) | 2006-01-19 |
WO2006005812A3 WO2006005812A3 (en) | 2006-04-13 |
Family
ID=32749263
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/FI2005/050279 WO2006005812A2 (en) | 2004-07-12 | 2005-07-11 | Mechanisms for executing a computer program |
Country Status (6)
Country | Link |
---|---|
US (1) | US20080086738A1 (en) |
EP (1) | EP1782323A4 (en) |
CN (1) | CN101061486A (en) |
CA (1) | CA2606029A1 (en) |
FI (1) | FI20045271A (en) |
WO (1) | WO2006005812A2 (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2009106176A1 (en) * | 2008-02-25 | 2009-09-03 | International Business Machines Corporation | Dynamic creation of privileges to secure system services |
US8225372B2 (en) | 2008-06-25 | 2012-07-17 | International Business Machines Corporation | Customizing policies for process privilege inheritance |
Families Citing this family (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7873915B2 (en) * | 2006-06-16 | 2011-01-18 | Microsoft Corporation | Suppressing dialog boxes |
US7844783B2 (en) * | 2006-10-23 | 2010-11-30 | International Business Machines Corporation | Method for automatically detecting an attempted invalid access to a memory address by a software application in a mainframe computer |
US7865949B2 (en) * | 2007-01-18 | 2011-01-04 | Microsoft Corporation | Provisional administrator privileges |
JP5659875B2 (en) * | 2011-03-07 | 2015-01-28 | ソニー株式会社 | Wireless communication apparatus, information processing apparatus, communication system, and wireless communication apparatus control method |
FR2974919B1 (en) | 2011-05-04 | 2013-12-13 | St Microelectronics Rousset | PROTECTION OF A VOLATILE MEMORY AGAINST VIRUSES BY CHANGE OF INSTRUCTIONS |
FR2974920B1 (en) * | 2011-05-04 | 2013-11-29 | St Microelectronics Rousset | PROTECTING A VOLATILE MEMORY AGAINST VIRUSES BY MODIFYING THE CONTENT OF AN INSTRUCTION |
JP6091144B2 (en) * | 2012-10-10 | 2017-03-08 | キヤノン株式会社 | Image processing apparatus, control method therefor, and program |
US11275861B2 (en) * | 2014-07-25 | 2022-03-15 | Fisher-Rosemount Systems, Inc. | Process control software security architecture based on least privileges |
CN106959874B (en) * | 2017-03-21 | 2019-11-26 | 联想(北京)有限公司 | The electronic equipment of application management method and application this method based on operating system |
US10824719B1 (en) * | 2017-08-01 | 2020-11-03 | Rodney E. Otts | Anti-malware computer systems and method |
Family Cites Families (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5305456A (en) * | 1991-10-11 | 1994-04-19 | Security Integration, Inc. | Apparatus and method for computer system integrated security |
GB9126779D0 (en) * | 1991-12-17 | 1992-02-12 | Int Computers Ltd | Security mechanism for a computer system |
US6101607A (en) * | 1998-04-24 | 2000-08-08 | International Business Machines Corporation | Limit access to program function |
US6449652B1 (en) * | 1999-01-04 | 2002-09-10 | Emc Corporation | Method and apparatus for providing secure access to a computer system resource |
JP4359974B2 (en) * | 1999-09-29 | 2009-11-11 | 富士ゼロックス株式会社 | Access authority delegation method |
US7962950B2 (en) * | 2001-06-29 | 2011-06-14 | Hewlett-Packard Development Company, L.P. | System and method for file system mandatory access control |
GB0212314D0 (en) * | 2002-05-28 | 2002-07-10 | Symbian Ltd | Secure mobile wireless device |
US7356836B2 (en) * | 2002-06-28 | 2008-04-08 | Microsoft Corporation | User controls for a computer |
- 2004
  - 2004-07-12 FI FI20045271A patent/FI20045271A/en not_active Application Discontinuation
- 2005
  - 2005-07-11 WO PCT/FI2005/050279 patent/WO2006005812A2/en active Application Filing
  - 2005-07-11 EP EP05770040A patent/EP1782323A4/en not_active Withdrawn
  - 2005-07-11 CA CA002606029A patent/CA2606029A1/en not_active Abandoned
  - 2005-07-11 US US11/632,294 patent/US20080086738A1/en not_active Abandoned
  - 2005-07-11 CN CNA2005800275573A patent/CN101061486A/en active Pending
Non-Patent Citations (1)
Title |
---|
See references of EP1782323A4 * |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2009106176A1 (en) * | 2008-02-25 | 2009-09-03 | International Business Machines Corporation | Dynamic creation of privileges to secure system services |
US8359635B2 (en) | 2008-02-25 | 2013-01-22 | International Business Machines Corporation | System and method for dynamic creation of privileges to secure system services |
US8225372B2 (en) | 2008-06-25 | 2012-07-17 | International Business Machines Corporation | Customizing policies for process privilege inheritance |
Also Published As
Publication number | Publication date |
---|---|
EP1782323A2 (en) | 2007-05-09 |
FI20045271A0 (en) | 2004-07-12 |
WO2006005812A3 (en) | 2006-04-13 |
US20080086738A1 (en) | 2008-04-10 |
EP1782323A4 (en) | 2010-03-03 |
CN101061486A (en) | 2007-10-24 |
FI20045271A (en) | 2006-01-13 |
CA2606029A1 (en) | 2006-01-19 |
Similar Documents
Publication | Title |
---|---|
EP1782323A2 (en) | Mechanisms for executing a computer program |
US6658573B1 (en) | Protecting resources in a distributed computer system |
US8566924B2 (en) | Method and system for controlling communication ports |
US7840750B2 (en) | Electrical transmission system in secret environment between virtual disks and electrical transmission method thereof |
JP5061908B2 (en) | Program execution control method and apparatus, and execution control program |
EP0561509A1 (en) | Computer system security |
EP1253502A2 (en) | Trusted computer system |
US20050223239A1 (en) | Method for protecting computer programs and data from hostile code |
WO2001025922A1 (en) | Method and system for providing data security using file spoofing |
GB2411988A (en) | Preventing programs from accessing communication channels withut user permission |
JP2005275775A (en) | Data protection method and authentication method and program |
US8302206B2 (en) | Appropriate control of access right to access a document within set number of accessible times |
CN106557669A (en) | A kind of authority control method and device of application program installation process |
JP2007140798A (en) | Information leakage prevention system for computer |
JP3630087B2 (en) | Automatic data processor |
CN106557687A (en) | A kind of authority control method and device of application program installation process |
JP2006260176A (en) | Confidential document management method and confidential document management system |
JP6823194B2 (en) | Information processing system, information processing method and information processing program |
JP3793944B2 (en) | Confidential information access monitoring control method, confidential information access monitoring control system using the access monitoring control method, and recording medium storing the confidential information access monitoring control program |
US7150041B2 (en) | Disk management interface |
JP2005038124A (en) | File access control method and control system |
US6986058B1 (en) | Method and system for providing data security using file spoofing |
KR20030005760A (en) | Method of access control according to access right of user in Personal Computer and apparatus thereof |
JP4417129B2 (en) | Distribution system |
WO2023007570A1 (en) | Information processing method, program, storage medium |
Legal Events
Code | Title | Description |
---|---|---|
AK | Designated states | Kind code of ref document: A2. Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BW BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE EG ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KM KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NA NG NI NO NZ OM PG PH PL PT RO RU SC SD SE SG SK SL SM SY TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW |
AL | Designated countries for regional patents | Kind code of ref document: A2. Designated state(s): BW GH GM KE LS MW MZ NA SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LT LU LV MC NL PL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG |
DPE1 | Request for preliminary examination filed after expiration of 19th month from priority date (pct application filed from 20040101) | |
WWE | Wipo information: entry into national phase | Ref document number: 11632294, Country of ref document: US. Ref document number: 158/KOLNP/2007, Country of ref document: IN |
NENP | Non-entry into the national phase | Ref country code: DE |
WWW | Wipo information: withdrawn in national office | Ref document number: DE |
WWE | Wipo information: entry into national phase | Ref document number: 2005770040, Country of ref document: EP |
WWE | Wipo information: entry into national phase | Ref document number: 200580027557.3, Country of ref document: CN |
121 | Ep: the epo has been informed by wipo that ep was designated in this application | |
WWP | Wipo information: published in national office | Ref document number: 2005770040, Country of ref document: EP |
WWE | Wipo information: entry into national phase | Ref document number: 2606029, Country of ref document: CA |
WWP | Wipo information: published in national office | Ref document number: 11632294, Country of ref document: US |